[CentOS] OT: Tool for monitoring traffic IP reception

Fri Aug 31 09:34:05 UTC 2012
Markus Falb <markus.falb at fasel.at>

On 31.8.2012 08:03, C. L. Martinez wrote:
> On Thu, Aug 30, 2012 at 3:58 PM, Peter Eckel <lists-NiwE9pSNePTucvZx32VAuQ at public.gmane.org> wrote:
>> Hi,
>>
>>> Uhmm .. I am reading the docs about SEC, but it only speaks about
>>> event correlation ... How do you do to check if syslog is receiving
>>> data??
>>
>> essentially you set up SEC to watch for the syslog log file where the data are supposed to go, set up a 'Single' rule that creates a context with a lifetime of your choice that has a shellcmd attached to it that sends a mail if it expires.
>>
>> The context will be refreshed everytime a message comes in. If no message arrives for your given expiry period, it will send a mail.
>>
...
>> Not very sophisticated (and I have not tested it, so it might contain errors), but something very similar to it should do the trick.
>>
> 
> It is a really good approach if I use plain log files ... But this
> syslog process acts as a syslog server and stores logs in a mysql
> DB...
> 

Ask the DB. Something like
select count(*) from syslog where (host = 'x' or host = 'y') and date > z;

You could make this into a nagios or zabbix check or whatever you use
for monitoring and let this handle the notification.
-- 
Kind Regards, Markus Falb
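One way to turn the suggestion above into a monitoring check, written as an added example for this thread rather than code from Markus or from any of the tools mentioned: it counts recent syslog rows per host and exits with Nagios-style status codes. It assumes a `syslog` table with `host` and `date` columns (the column names in the quoted query), an epoch-seconds `date`, and uses an in-memory SQLite database with constructed rows in place of the MySQL server so it runs offline. The parameterized `IN (...)` list also sidesteps the `OR`/`AND` precedence trap of writing `host = 'x' or host = 'y' and date > z` unparenthesized.

```python
import sqlite3
import sys
import time

# Nagios plugin exit codes (standard plugin convention).
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3


def make_sample_db(now):
    """Constructed stand-in for the MySQL syslog table (assumption:
    columns host, date as epoch seconds, msg). fw1 logged recently,
    fw2 has been silent for two hours."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE syslog (host TEXT, date INTEGER, msg TEXT)")
    rows = [
        ("fw1", now - 60, "constructed: recent message"),
        ("fw1", now - 30, "constructed: recent message"),
        ("fw2", now - 7200, "constructed: stale message"),
    ]
    conn.executemany("INSERT INTO syslog VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


def recent_counts(conn, hosts, since):
    """Return {host: count} of messages newer than `since` for each host.
    Placeholders keep host names out of the SQL text, and the explicit
    IN (...) AND date > ? form avoids the OR/AND precedence mistake."""
    placeholders = ",".join("?" * len(hosts))
    sql = (
        f"SELECT host, COUNT(*) FROM syslog "
        f"WHERE host IN ({placeholders}) AND date > ? GROUP BY host"
    )
    counts = {h: 0 for h in hosts}  # hosts with no rows stay at 0
    for host, n in conn.execute(sql, (*hosts, since)):
        counts[host] = n
    return counts


def evaluate(counts, min_messages=1):
    """Map per-host counts to a Nagios (exit code, status line)."""
    silent = sorted(h for h, n in counts.items() if n < min_messages)
    if not silent:
        detail = ", ".join(f"{h}={n}" for h, n in sorted(counts.items()))
        return OK, "OK - all hosts logging: " + detail
    return CRITICAL, "CRITICAL - no recent syslog from: " + ", ".join(silent)


def check(conn, hosts, window_seconds, now=None):
    """Run the check for `hosts` over the last `window_seconds`."""
    now = int(time.time()) if now is None else now
    return evaluate(recent_counts(conn, hosts, now - window_seconds))


if __name__ == "__main__":
    now = int(time.time())
    conn = make_sample_db(now)
    code, message = check(conn, ["fw1", "fw2"], 600, now)
    print(message)
    sys.exit(code)
```

Run as a Nagios or Zabbix external check, the exit code drives the notification; the window (600 s here) should be a little longer than the longest normal quiet period of the noisiest-to-quietest host, or the check will page on normal silence.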
